Rate limits

Every SDK API route runs rate limiting immediately after authentication. Limits apply per API key using a 60-second fixed window, based on the key's environment column on sdk_api_keys.

environment	Limit (requests / minute)
`sandbox`	5
`development`	60
`production`	120

When the limit is exceeded

The API responds with 429 and a JSON body similar to:

JSON

{
  "error": "RATE_LIMIT_EXCEEDED",
  "message": "...",
  "limit": 5,
  "windowSeconds": 60,
  "retryAfterSeconds": 42,
  "environment": "sandbox"
}

The Retry-After response header is set to retryAfterSeconds (seconds until the current window resets). Use that value before retrying the same key.

429

RATE_LIMIT_EXCEEDED — too many requests for this API key in the current minute window.